LinuxQuestions.org
Old 10-28-2009, 03:39 AM   #1
dstu
Member
 
Registered: Dec 2006
Posts: 37

CentOS 5.3 Firewall/Protection


Hello,

We need to install a firewall program to defend our Linux server from unauthorized access.

Specifically, we need to configure which ports and protocols are allowed from specific IP addresses or subnets and limit any other access.

What reliable open-source software is there with an easy-to-use web interface?

Thank you in advance,

David
 
Old 10-28-2009, 03:44 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

You don't need to install anything, it's all there already. The system-config-securitylevel tool contains a basic firewall configuration tool, or you can just directly edit /etc/sysconfig/iptables. I really wouldn't recommend a web interface for modifying firewall configurations.
 
Old 10-28-2009, 03:46 AM   #3
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Quote:
Originally Posted by dstu
We need to install a firewall program to defend our Linux server from unauthorized access.

Specifically, we need to configure which ports and protocols are allowed from specific IP addresses or subnets and limit any other access.

What reliable open-source software is there with an easy to use web interface?
Well, CentOS already comes with the standard GNU/Linux firewall, which is Netfilter. It also brings the standard configuration tool, iptables. So basically you'd want a Web-based front end to iptables. Something like Firewall Builder, perhaps?
 
Old 10-28-2009, 03:48 AM   #4
dstu
Member
 
Registered: Dec 2006
Posts: 37

Original Poster
Hi Chris,

Thank you for your prompt response.

I have a Gnome interface and through it, I accessed the firewall, but I disabled it, because what I could configure there is only the port and protocol, and not specific origins.

Do I need to re-enable the built-in firewall? How do I define security policies?

Thanks,

David
 
Old 10-28-2009, 03:53 AM   #5
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Really think you can define source IPs in the default tool... Hmm. Personally I'd just edit the config file directly, taking a few examples to get the syntax right. That's only my preference TBH though. As Winsux said, there are web interfaces if you really want one, and some are really quite advanced. It all comes back to iptables config files of varying complexity though.

Note that Linux only ever has ONE firewall, NetFilter w/ IPTables. Everything else, i.e. clicky pointy tools, are just wrappers for making config files for NetFilter, in the form of IPTables commands to directly modify it.
 
Old 10-29-2009, 10:56 PM   #6
stickman
Senior Member
 
Registered: Sep 2002
Location: Nashville, TN
Posts: 1,552

I agree with everyone else. You're better off learning the command line tools and editing the files. Adding web access just increases the surface area and also adds extra rules to your rule set.
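
Added example (not part of the original thread, and not a CentOS tool): one way to produce the /etc/sysconfig/iptables content the replies describe, allowing given ports and protocols only from given sources and dropping everything else. The function name `gen_ruleset`, the "SOURCE PROTO PORT" input format and the sample addresses are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: build /etc/sysconfig/iptables content (iptables-restore format)
# from an allow-list of "SOURCE PROTO PORT" lines. The INPUT policy is DROP, so
# anything not listed is refused. gen_ruleset and the input format are
# hypothetical names for this example, not part of any CentOS tool.

gen_ruleset() {
    rules=''
    while read -r src proto port; do
        case "$src" in ''|'#'*) continue ;; esac           # skip blanks/comments
        case "$src" in *[!0-9./]*)
            echo "bad source: $src" >&2; return 1 ;; esac   # IPv4/CIDR characters only
        case "$proto" in tcp|udp) ;; *)
            echo "bad protocol: $proto" >&2; return 1 ;; esac
        case "$port" in ''|*[!0-9]*)
            echo "bad port: $port" >&2; return 1 ;; esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
        rules="${rules}-A INPUT -s $src -p $proto -m state --state NEW -m $proto --dport $port -j ACCEPT
"
    done
    # Nothing is printed until every line has validated, so a bad entry
    # never yields a half-written rule file.
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    printf '%s' "$rules"
    printf '%s\n' 'COMMIT'
}

# Constructed sample policy (RFC 5737 documentation addresses).
SAMPLE_ALLOW='# source        proto port
192.0.2.0/24     tcp   22
198.51.100.7     tcp   443
203.0.113.0/28   udp   53'

printf '%s\n' "$SAMPLE_ALLOW" | gen_ruleset
```

Review the output before placing it in /etc/sysconfig/iptables, and confirm your own administration source is in the allow-list first, since the DROP policy applies to every connection that is not listed.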
 
  

